I would like to use my own SSH server CLI shell on some embedded
device, is it possible that I use
security of OpenSSL but my own CLI ?

If it is possible , how do I modify inetd.conf( or xinetd.conf) and
sshd_config ? Should I modify OpenSSH source code ?

Thank you .

10-13-2007, 07:21 AM

unix

Re: Can we use self SSH server ?

On 2007-10-13, [email]kid1972tw@yahoo.com.tw[/email] <kid1972tw@yahoo.com.tw> wrote:[color=blue]
> I would like to use my own SSH server CLI shell on some embedded
> device, is it possible that I use
> security of OpenSSL but my own CLI ?[/color]

Yes, but follow the licences; which for OpenSSL is dual-licence in BSD style.
[color=blue]
> If it is possible , how do I modify inetd.conf( or xinetd.conf) and
> sshd_config ? Should I modify OpenSSH source code ?[/color]

I haven't looked at this in detail but it may help.
[url]http://marc.info/?l=openbsd-misc&m=96282707812765&w=2[/url]

In article <1192257402.771360.89120@q3g2000prf.googlegroups.com>
[email]kid1972tw@yahoo.com.tw[/email] writes:[color=blue]
>
>I would like to use my own SSH server CLI shell on some embedded
>device, is it possible that I use
> security of OpenSSL but my own CLI ?[/color]

Sshd normally just runs the user's login shell, per /etc/passwd. If your
embedded device is Unix-based (and it sounds so), it's just a matter of
having a custom shell (which then works also for e.g. console login).

--Per Hedeland
[email]per@hedeland.org[/email]

10-13-2007, 07:20 PM

unix

Re: Can we use self SSH server ?

On 10 13 , 9 02 , p...@hedeland.org (Per Hedeland) wrote:[color=blue]
> In article <1192257402.771360.89...@q3g2000prf.googlegroups.com>
>
> kid197...@yahoo.com.tw writes:
>[color=green]
> >I would like to use my own SSH server CLI shell on some embedded
> >device, is it possible that I use
> > security of OpenSSL but my own CLI ?[/color]
>
> Sshd normally just runs the user's login shell, per /etc/passwd. If your
> embedded device is Unix-based (and it sounds so), it's just a matter of
> having a custom shell (which then works also for e.g. console login).
>
> --Per Hedeland
> p...@hedeland.org[/color]

Hi

If I change root login shell , how can I change it back ?

And if my own CLI would like to use other shell's commands , can 2
shell co-work , should I handle their system call to kernel myself ?

Thanks very much

10-14-2007, 01:20 AM

unix

Re: Can we use self SSH server ?

In article <1192301387.389497.167920@i38g2000prf.googlegroups.com>
[email]kid1972tw@yahoo.com.tw[/email] writes:[color=blue]
>
>If I change root login shell , how can I change it back ?[/color]

Boot single-user. But the "custom CLI" users of your embedded system
probably shouldn't log in as "root" anyway (you can of course have other
users with uid 0 if you need to).
[color=blue]
>And if my own CLI would like to use other shell's commands , can 2
>shell co-work , should I handle their system call to kernel myself ?[/color]

Well, if you don't know how "your own CLI" should work, I guess you have
some work ahead of you. This is not the place to discuss that though, it
has nothing to do with SSH, nor can SSH magically fix things for you
even if you modify the source. You could possibly use the "subsystem"
feature of SSH to start some other program than the user's login shell,
but I don't think it would go down well the user's of your device to
have to do something other than a "plain login".

--Per Hedeland
[email]per@hedeland.org[/email]

10-14-2007, 07:21 AM

unix

Re: Can we use self SSH server ?

On 10 14 , 7 26 , p...@hedeland.org (Per Hedeland) wrote:
[color=blue]
> Well, if you don't know how "your own CLI" should work, I guess you have
> some work ahead of you. This is not the place to discuss that though, it
> has nothing to do with SSH, nor can SSH magically fix things for you
> even if you modify the source. You could possibly use the "subsystem"
> feature of SSH to start some other program than the user's login shell,
> but I don't think it would go down well the user's of your device to
> have to do something other than a "plain login".
> --Per Hedeland
> p...@hedeland.org[/color]

Hi

I've tried to use system command in my own CLI when I use it for login
shell , this way works very well .

thank for your great help :-))

10-14-2007, 01:20 PM

unix

Re: Can we use self SSH server ?

In article <1192339961.539633.107140@y27g2000pre.googlegroups.com>
[email]kid1972tw@yahoo.com.tw[/email] writes:[color=blue]
>On 10 14 , 7 26 , p...@hedeland.org (Per Hedeland) wrote:
>[color=green]
>> Well, if you don't know how "your own CLI" should work, I guess you have
>> some work ahead of you. This is not the place to discuss that though, it
>> has nothing to do with SSH, nor can SSH magically fix things for you
>> even if you modify the source. You could possibly use the "subsystem"
>> feature of SSH to start some other program than the user's login shell,
>> but I don't think it would go down well the user's of your device to
>> have to do something other than a "plain login".[/color][/color]
[color=blue]
>I've tried to use system command in my own CLI when I use it for login
>shell , this way works very well .[/color]

Well, still not related to SSH but at least to security: If you want to
restrict what users can do in your CLI, you need to be very careful
about what you pass to system(), since it's given directly to /bin/sh.
E.g. if you pass arguments that have been entered in the CLI without
checking for shell metacharacters etc, the CLI user can run whatever
command he wants. A safer approach is to run those "shell commands"
yourself via fork()/exec*().